Hey everyone, just wanted to ask a couple of questions here before I make a purchase on a PIX 515E.
Unfortunately we have close to 130 MS machines that are repeatedly getting infected with worms/trojans etc. What I would like to do is just block all outside traffic from coming in to these machines. The MS machines make outbound connections, so this traffic initiated from the inside will be allowed to pass through once firewalled?
I'm not running NAT on the inside, I have public IP addresses and would like to keep them set up that way.
I have read many config examples on the 515E and they all relate to PAT/NAT. Can my network be firewalled like I want with the 515E, keeping my existing IP structure in place?
For our Unix servers I'm looking to use another interface on the 515E to block the most common ports instead of using the access-lists on my 7206. Sorry to ask these kinds of basic questions, but the last time I configured a PIX was over 4 years ago. It's obvious that I do not work with these enough to retain the stuff that I've once learned.
I have a 7206-vxr connecting to a C5000 switch. The MS servers/workstations all connect to the catalyst switch. I'll be moving the unix servers to another catalyst switch so I can dedicate a fast ether on the router for them to also pass through the pix. Or am I going about this the wrong way?
Any help is much appreciated and I thank you in advance!
Troy